The implementation of the CISA examination has resulted in a considerable standardization of skills and functions among auditors in the IT industry. This was an extremely necessary step, as this is a fast growing and ever changing industry, an industry in a constant change of flux, and rules and guidelines that might apply perfectly well today could well turn out to be completely invalid a few months down the line. The CISA examinations, by meticulous testing of applicants, holds the industry to the requirements and guidelines of Information Systems Audit and Control Association, or ISACA.

By strenuous testing (the examination is 200 questions long and lasts four whole hours!) the CISA ensures that it covers every aspect of an auditors job, from Information Security Processes to Systems and Infrastructure Lifecycle Management.

Now what exactly is the point of all this? It's very simple. An IT auditor's job can be just as strenuous as the examination. As an example, one of the goals of an auditor's mandate is to not only maintain the smooth functioning of the organization, but to make sure it survives - to literally extend it's lifespan. This comes under the auspices of what we call Information Technology Governance, one of the areas covered by the CISA. One learns to assess and manage business risks, and to ensure that the organization complies with standard accounting practices.

The whole integral concept of IT management involves the study and control of the different components of the business. This covers not only the identification and acquisition of key components, but also their later installation and management. One has to ensure that implementing new strategies actually fits into the overall company, and does not end by disrupting the smooth running of the organization - because without this the organization will be unable to meet it's goals.

There are other aspects that are covered - Systems and Infrastructure Lifecycle Management was another area we mentioned. Here, with the aid of potent tools, data is documented and then secured. These are the core integral aspects of the process.

The failure of backups after a catastrophic failure of main systems is unacceptable - so current and regular backups of all systems is key. It's absolutely essential to ensure that the core data bank remains secure - and it's equally crucial to ensure that any backup systems also retain their integrity. For this to succeed, not only do we need backup systems in place, but we also need to ensure that we have a schedule upon which we can work to ensure re-integration of backups with the main database in case of a catastrophic failure.